RHEL 7 Atomic Host Bolsters Container Security - March 9, 2015
Red Hat last week made Red Hat Enterprise Linux 7 Atomic Host generally available, following a four-month live beta test. "The beta release was very successful," said Lars Herrmann, senior director of product strategy at Red Hat. Feedback from customers and partners "helped us refine several features and tools" for the GA version. Atomic Host is a lean OS designed to run Docker containers.

Windows Caught in Path of FREAK Security Storm - March 6, 2015
Microsoft on Thursday issued a security advisory acknowledging a vulnerability in all versions of Windows that could allow FREAK exploits. Windows systems previously were thought to be immune to FREAK attacks. "The vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system," the advisory reads.

Bracing for the Cyberthreat Deluge - March 6, 2015
Almost 17,000 malware alerts surface every week, the Ponemon Institute recently found. Only 4 percent of alerts were investigated, and traditional antivirus products missed nearly 70 percent of malware in the first hour, researchers discovered in a recent Damballa study. Rescanning led to identification of 66 percent of the malware in 24 hours and 72 percent after seven days.

China's Cybersecurity Plans Draw US Fire - March 5, 2015
China should change its tune on new rules for purchases from American high-tech companies if it wants to do business with the United States, President Obama recently warned. China reportedly is planning to ask U.S. high-tech firms to hand over their encryption keys and install security backdoors in their systems to allow surveillance as a counterterrorism measure.

BlackBerry Makes a Leap in the Dark - March 4, 2015
BlackBerry introduced its new Leap smartphone at the Mobile World Congress in Barcelona, Spain. Equipped with a touchscreen rather than a physical keyboard, the Leap is a successor to BlackBerry's Z3 model. Its enhanced security and performance features are designed to appeal to young professionals and startup companies. BlackBerry is counting on the Leap to help it bounce back.

Government Spies Came Up Dry, Says Gemalto - February 26, 2015
SIM card maker Gemalto, whose networks reportedly were breached by hackers from the United States National Security Agency and the UK's GCHQ, on Wednesday said the spies got nothing. The hackers stole cryptokeys for millions of SIM cards, according to The Intercept, which cited documents released by NSA whistle-blower Edward Snowden. Gemalto denied any SIM cryptokeys had been stolen.

Malicious Emailers Find Healthcare Firms Juicy Prey - February 26, 2015
Healthcare providers have garnered growing interest from hackers in recent months. More evidence of that trend appeared last week in a report on email trust. An email that appeared to come from a healthcare company was four times more likely to be fraudulent than an email purportedly from a social media company like Facebook, one of the largest creators of email on the Internet, Agari found.

Yahoo CISO, NSA Chief Slug It Out Over Security Backdoors - February 25, 2015
Yahoo CISO Alex Stamos on Monday confronted NSA Director Adm. Mike Rogers over the United States government's plan to require built-in backdoors in hardware and software made by American companies. The exchange took place at the New America Foundation's cybersecurity conference. Building backdoors into cryptography is "like drilling a hole in the windshield," Stamos said.

Cyberthieves Bag a Billion in Snail-Speed Bank Heists - February 18, 2015
Criminals using Carbanak malware have stolen up to $1 billion from 100 financial institutions in Russia, China, Germany and the United States, Kaspersky Lab has revealed. The gang is expanding operations to other countries. Kaspersky has advised financial institutions to scan their networks for intrusion by Carbanak. "These are advanced threat actors," said Lancope CTO TK Keanini.

NSA Suspected of Spreading Super-Resistant Malware - February 17, 2015
Kaspersky Lab on Tuesday announced the discovery of what may be the most sophisticated malware ever. The malware's creators, whom Kaspersky has dubbed "The Equation Group," use a never-seen-before tactic to infect hard drives' firmware. The technique "makes traditional antivirus and antimalware software practically useless," said Protegrity VP of Products Yigal Rozenberg.

Encryption Can Create Stormy Weather in the Cloud - February 17, 2015
Encryption has received a lot of attention lately as a solution to the growing data breach problem, but one of the hang-ups dogging the technology has been its ability to play nice in the cloud. That's especially true if an organization wants to control the keys by which its data is scrambled and use services offered by a cloud provider beyond simple storage.

Facebook Launches ThreatExchange to Stymie Cybercrime - February 13, 2015
"Threat researchers do already share this data manually," Jeremy Demar, director of threat research at Damballa, told TechNewsWorld. "The value in systems like this isn't the ability to share raw intelligence [it's the] structured data that allows for the information to be accessed quickly and easily by the users." ThreatExchange is based on Facebook's ThreatData threat analysis framework.

Box to Let Enterprises Bring Their Own Keys to the Cloud - February 11, 2015
Box on Tuesday raised the curtain on a new offering that allows its enterprise customers to control the digital keys used to encrypt their data stored in the storage provider's cloud. Box is working with Amazon Web Services and Gemalto to bring to market "Box Enterprise Key Management," and give its most security-minded customers total control over the keys used to encrypt data they store on Box.

Bug Bounties Entice Researchers to Don White Hats - February 10, 2015
Bug bounty programs are used by individual software makers to improve the quality of their products, but they can have incidental benefits for all software makers, too. One of those is to encourage bug hunters to wear a white hat instead of a black one. "When you make it easy for hackers to do the right thing, the majority will," noted Alex Rice, CTO of HackerOne.

Anthem Mega-Breach Jeopardizes 80 Million Consumers - February 5, 2015
Hackers broke into the databases of Anthem Inc., the second-largest health insurer in the U.S., and stole up to 80 million customers' personal information. The data includes current and former customers' names, birthdays, medical IDs, social security numbers, street addresses, email addresses and employment information, Anthem president and CEO Joseph Swedish wrote in a note sent to customers.

IoT Risky Business for Enterprise Networks - February 5, 2015
There were 9 billion Internet of Things units installed at the end of 2013 -- and analysts expect the figure to hit 28 billion by 2020. That's going to make life difficult for IT security admins. A Tripwire survey found that employed consumers who took work home had an average of 11 IoT devices on their home networks, and 24 percent of them had connected at least one of these devices to their enterprise network.

Infected Android Apps From Google Play Affect Millions - February 4, 2015
The malware harbors fake ads that pop up when users unlock their devices, to warn them about nonexistent infections, or that their devices are out of date or have porn. Victims are then asked to take action. If they agree, they are redirected to poisoned Web pages that contain a variety of hazards. Google spokesperson Elizabeth Markman did not confirm how many devices had been hit.

AWS Success Underscores Demand for Cloud Services - February 2, 2015
Despite several highly publicized cloud hacks last year -- including the iCloud and Sony breaches -- the demand for cloud services is skyrocketing. Amazon Web Services grabbed 30 percent of the global cloud infrastructure service market in Q4, Synergy Research reports. AWS grew 51 percent year over year (YoY). Why the mad rush to the cloud? Isn't security an issue any more? And who's buying into the cloud?

China May Write New Rules for US Businesses Selling Tech to Banks - February 2, 2015
A group of organizations representing American businesses last week requested urgent discussion and dialog with China's government. They expressed concern about the possible adoption of a policy to ensure that any Internet and information communications technology products Chinese banks purchase from companies outside of China are secure and controllable.

Amazon WorkMail Lifts Back-End Email Burden From IT's Shoulders - January 30, 2015
Amazon is making a play for the enterprise email market. Offered by Amazon Web Services, WorkMail targets companies that want to move their on-premises email services to the cloud. WorkMail reduces complexity and cost. With all mail infrastructure relocated to Amazon's cloud, a company no longer need be concerned with buying hardware, installing patches, and installing mail backup systems.

POS Terminals Rich Vein for Gold-Digging Hackers - January 28, 2015
Hackers are like gold miners. Once they find a rich vein for their malware, they mine it until it's dry. Point-of-sale terminals are such a vein, and it doesn't appear that it's one that's about to run dry any time soon. Following the success of the Target breach in 2013, the hacker underground was quick to rush more POS malware to market.

Businesses Seek Liability Protection for Cybersecurity Disclosures - January 28, 2015
"No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families," President Barack Obama told the U.S. Congress during the State of the Union Address last week. However, hunting down the perpetrators of cyberattacks that compromise national security or disrupt commerce is only going to get more difficult in the future.

White House Jump-Starts Cybersecurity Protection Programs - January 23, 2015
As members of the U.S. Congress started to prepare for the upcoming legislative session, President Obama lost little time in putting cybersecurity near the top of a to-do list for lawmakers. During a visit to the federal National Cybersecurity Communications Integration Center, Obama called for additional legislation to improve information technology protection.

Businesses Waste Big Bucks Fighting Phantom Cyberattacks - January 21, 2015
Businesses spend an average of $1.27 million a year chasing cyberthreats that turn out to be dead ends. That is one of the findings in a report released last week on the cost of containing malware. In a typical week, an organization can receive nearly 17,000 malware alerts, although only 19 percent of them are considered reliable, the researchers found.